<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        
        
        
        <link rel="shortcut icon" href="../../img/favicon.ico">
        <title>第4天 - RHEL7学习笔记</title>
        <link href="../../css/bootstrap.min.css" rel="stylesheet">
        <link href="../../css/font-awesome.min.css" rel="stylesheet">
        <link href="../../css/base.css" rel="stylesheet">
        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css">

        <script src="../../js/jquery-1.10.2.min.js" defer></script>
        <script src="../../js/bootstrap.min.js" defer></script>
        <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
        <script>hljs.initHighlightingOnLoad();</script> 
    </head>

    <body>

        <div class="container">
            <div class="row">
                    <div class="col-md-9" role="main">

<h1 id="4">第4天</h1>
<h2 id="systemd"><font color=red>Systemd</font></h2>
<ul>
<li>systemd 进程 ID 为 1，是所有进程的父进程，负责激活系统中的其他服务。</li>
<li>systemctl 命令用于管理各种 systemd 对象（称为单元），可通过 <code>systemctl -t help</code> 查看所有单元类型</li>
</ul>
<h3 id="_1">查看单元</h3>
<blockquote>
<p>查看所有已加载单元状态</p>
</blockquote>
<pre><code>systemctl
</code></pre>

<blockquote>
<p>查看指定类型单元状态,--all 显示所有单元</p>
</blockquote>
<pre><code>systemctl -t service
</code></pre>

<blockquote>
<p>查看指定单元状态</p>
</blockquote>
<pre><code>systemctl status sshd
</code></pre>

<blockquote>
<p>判断单元是否活动</p>
</blockquote>
<pre><code>systemctl is-active sshd
</code></pre>

<blockquote>
<p>判断单元是否开机启动</p>
</blockquote>
<pre><code>systemctl is-enabled sshd
</code></pre>

<h3 id="_2">其它命令</h3>
<table>
<thead>
<tr>
<th>操作</th>
<th>命令</th>
</tr>
</thead>
<tbody>
<tr>
<td>查看状态</td>
<td>systemctl status UNIT</td>
</tr>
<tr>
<td>停止单元</td>
<td>systemctl stop UNIT</td>
</tr>
<tr>
<td>启动单元</td>
<td>systemctl start UNIT</td>
</tr>
<tr>
<td>重启单元</td>
<td>systemctl restart UNIT</td>
</tr>
<tr>
<td>重载配置</td>
<td>systemctl reload UNIT</td>
</tr>
<tr>
<td>屏蔽单元</td>
<td>systemctl mask UNIT</td>
</tr>
<tr>
<td>解除屏蔽</td>
<td>systemctl unmask UNIT</td>
</tr>
<tr>
<td>开机自启</td>
<td>systemctl enable UNIT</td>
</tr>
<tr>
<td>取消自启</td>
<td>systemctl disable UNIT</td>
</tr>
<tr>
<td>查看依赖</td>
<td>systemctl list-dependencies UNIT</td>
</tr>
<tr>
<td><strong>活动单元 restart 进程 ID改变，reload 进程 ID 不变</strong></td>
<td></td>
</tr>
</tbody>
</table>
<h2 id="openssh"><font color=red>OpenSSH</font></h2>
<blockquote>
<p>SSH 是目前较可靠，专为远程登录会话和其他网络服务提供安全性的协议。
SSH提供两种级别的安全验证：</p>
</blockquote>
<ul>
<li>基于口令的安全验证（用户密码）</li>
<li>基于密钥的安全验证（公钥+私钥）</li>
</ul>
<blockquote>
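<p>椭圆曲线数字签名算法（Elliptic Curve Digital Signature Algorithm），简称 ECDSA。
ECDSA key fingerprint 是主机密钥的指纹，相当于主机的 ID 标识。用户初次连接时无法确定主机真实性，ssh 会显示指纹并询问是否继续；此时应通过可信渠道（例如在服务器控制台上查看）核对指纹后再确认。确认后主机公钥会保存在用户家目录下的 <code>.ssh/known_hosts</code> 文件中，下次连接不再询问；若主机 ID 发生改变则禁止连接，这可能意味着主机重装，也可能是中间人攻击，应先查明原因再更新 known_hosts 中的记录。</p>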
</blockquote>
<h3 id="_3">基于口令的安全验证</h3>
<blockquote>
<p>在远程主机上创建对应用户，并为该用户设置密码即可（ssh 服务默认开机启动，且允许口令验证）。示例口令 redhat 仅用于课堂环境；通过 echo 传入的口令还会留在 shell 历史中，实际环境应使用强口令并交互式设置。</p>
</blockquote>
<pre><code>[root@server ~]# useradd sshuser
[root@server ~]# echo redhat | passwd --stdin sshuser
</code></pre>

<blockquote>
<p>客户端连接远程主机需要输入密码</p>
</blockquote>
<pre><code>[root@desktop ~]# ssh sshuser@172.25.0.11
</code></pre>

<h3 id="_4">基于密匙的安全验证</h3>
<blockquote>
<p>生成密钥对</p>
</blockquote>
<pre><code>[root@desktop ~]# ssh-keygen -t rsa
</code></pre>

<blockquote>
<p>发送公钥到被管理主机</p>
</blockquote>
<pre><code>[root@desktop ~]# ssh-copy-id root@172.25.0.11
</code></pre>

<blockquote>
<p>免密码登陆</p>
</blockquote>
<pre><code>[root@desktop ~]# ssh root@172.25.0.11
</code></pre>

<h3 id="_5">安全策略</h3>
<blockquote>
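<p>禁用密码验证（需要提前准备好密钥认证并确认可以登录；修改 <code>sshd_config</code> 后可用 <code>sshd -t</code> 检查语法，再执行 <code>systemctl reload sshd</code> 使配置生效，生效前请保留当前会话以免被锁在主机之外）</p>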
</blockquote>
<pre><code>[root@server ~]# vim /etc/ssh/sshd_config
PasswordAuthentication no
</code></pre>

<blockquote>
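<p>仅允许 root 用户使用密钥进行身份验证（root 不能使用口令登录，其他用户不受此项影响；较新版本的 OpenSSH 中该值写作 <code>prohibit-password</code>，<code>without-password</code> 作为别名保留）</p>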
</blockquote>
<pre><code>PermitRootLogin without-password
</code></pre>

<blockquote>
<p>禁止 root 用户直接登录（需要提前创建其他用户并设置密码；若之前已禁用密码验证，则需要先为该用户准备好密钥认证）</p>
</blockquote>
<pre><code>[root@server ~]# vim /etc/ssh/sshd_config
PermitRootLogin no
</code></pre>

<h3 id="_6">其它命令</h3>
<table>
<thead>
<tr>
<th>命令</th>
<th>选项及作用</th>
</tr>
</thead>
<tbody>
<tr>
<td>ssh</td>
<td>远程登录主机，-X 启用 X11 图形化转发，-i 指定身份验证文件（私钥）</td>
</tr>
<tr>
<td>ssh-keygen</td>
<td>生成密钥对，-f 指定密钥对文件名，-t 指定密钥类型（算法）</td>
</tr>
<tr>
<td>ssh-copy-id</td>
<td>发送公钥到远程主机，-i 指定身份验证文件（公钥）</td>
</tr>
</tbody>
</table>
<h3 id="_7">练习</h3>
<ul>
<li>在 foundationX 上使用 ssh-keygen 生成密钥对，使用 ssh-copy-id 发送至 desktopX 和 serverX，然后使用 ssh 登录 desktopX 和 serverX，执行以下操作（所有操作都不能直接在虚拟机上进行）</li>
<li>在 desktopX 上使用 ssh-keygen -f 生成密钥，保存位置为 ~/sshkey/key</li>
<li>desktopX 使用 ssh-copy-id -i 发送公钥至 root@serverX</li>
<li>desktopX 使用 ssh -i 连接 root@serverX</li>
<li>修改 desktopX 的 /etc/ssh/ssh_config，添加 IdentityFile ~/sshkey/key</li>
<li>desktopX 使用 ssh root@serverX 直接连接</li>
<li>修改 serverX 的 /etc/ssh/sshd_config，禁止 root 用户使用密码登录
PermitRootLogin without-password</li>
<li>desktopX 使用 ssh-copy-id -i 发送公钥至 student@serverX</li>
<li>修改 serverX 的 /etc/ssh/sshd_config，禁止密码验证
PasswordAuthentication no</li>
<li>修改 serverX 的 /etc/ssh/sshd_config，禁止 root 登陆
PermitRootLogin no</li>
<li>至此，desktopX 可以使用 student 用户登录 serverX，root 用户无法直接登录，但可以通过 su - 切换到 root 用户（注意：每次修改 sshd_config 后都需要执行 systemctl reload sshd，新配置才会生效）</li>
</ul>
<h2 id="_8"><font color=red>网络配置</font></h2>
<h3 id="_9">图形化配置工具</h3>
<ul>
<li>右上角-&gt;用户名-&gt;setting-&gt;Network</li>
<li>nmtui</li>
<li>nm-connection-editor</li>
</ul>
<h3 id="nmcli">命令行工具 nmcli</h3>
<ul>
<li>device 网络设备，一般是网卡</li>
<li>connection 网络连接，可以理解为网卡的配置</li>
<li>一个设备可以对应多个连接，但同时只能有一个连接处于激活状态</li>
<li>配置文件 <code>/etc/sysconfig/network-scripts/ifcfg-*</code></li>
</ul>
<blockquote>
<p>查看设备</p>
</blockquote>
<pre><code>nmcli device
</code></pre>

<blockquote>
<p>查看连接</p>
</blockquote>
<pre><code>nmcli connection
</code></pre>

<blockquote>
<p>添加连接</p>
</blockquote>
<pre><code>##DHCP获取地址
nmcli con add con-name [连接名] ifname [设备名] type ethernet
##手工配置地址
nmcli con add con-name [连接名] ifname [设备名] type ethernet ip4 [IP]/[掩码] gw4 [网关]
</code></pre>

<blockquote>
<p>删除连接</p>
</blockquote>
<pre><code>nmcli con del [连接名]
</code></pre>

<blockquote>
<p>修改连接</p>
</blockquote>
<pre><code>##修改IP
nmcli con mod [连接名] ipv4.method manual ipv4.addresses &quot;[IP]/[掩码] [网关]&quot;
##添加dns
nmcli con mod [连接名] ipv4.dns [DNS_IP]
</code></pre>

<blockquote>
<p>启用连接</p>
</blockquote>
<pre><code>nmcli con up [连接名]
</code></pre>

<blockquote>
<p>断开连接</p>
</blockquote>
<pre><code>nmcli con down [连接名]
</code></pre>

<blockquote>
<p>连接网卡</p>
</blockquote>
<pre><code>nmcli dev connect [设备名]
</code></pre>

<blockquote>
<p>断开网卡</p>
</blockquote>
<pre><code>nmcli dev disconnect [设备名]
</code></pre>

<h3 id="_10">其它命令</h3>
<table>
<thead>
<tr>
<th>操作</th>
<th>命令</th>
</tr>
</thead>
<tbody>
<tr>
<td>测试连通</td>
<td>ping，-c 指定次数</td>
</tr>
<tr>
<td>查看路由</td>
<td>ip route，route -n</td>
</tr>
<tr>
<td>查看端口</td>
<td>ss，netstat，-n 显示接口和端口编号，-t 显示 tcp 套接字，-u 显示 udp 套接字，-l 显示侦听中的套接字，-a 显示所有套接字，-p 显示套接字进程</td>
</tr>
<tr>
<td>路由追踪</td>
<td>traceroute，tracepath</td>
</tr>
</tbody>
</table></div>
            </div>
        </div>

        <script>
            var base_url = "../..",
                shortcuts = {"help": 191, "next": 78, "previous": 80, "search": 83};
        </script>
        <script src="../../js/base.js" defer></script>
        <script src="../../search/main.js" defer></script>


    </body>
</html>
